Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SmitFraund Trojan - Infection!

Started by sammyW , May 18 2005 06:25 PM

  • This topic is locked This topic is locked

#1
sammyW
Posted 18 May 2005 - 06:25 PM

sammyW

    Member

  • Member
  • PipPip
  • 44 posts
Hi guys

Please could somebody help me! I have been infected with the SmitFraund trojan.
I had trouble attaching the HJT file to this thread, so I have just included it underneath. I would be greatful if someone could have a look at this file

Regards,

SammyW


Logfile of HijackThis v1.99.1
Scan saved at 7:22:46 AM, on 5/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\clvtxvgl.exe
C:\windows\system32\qfdvpg.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\windows\system32\calc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sam White\Desktop\BackUp\Smitfraud\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\System32\WStart.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [o1HUmk] C:\WINDOWS\clvtxvgl.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [qfdvpg] c:\windows\system32\qfdvpg.exe
O4 - HKLM\..\Run: [bO²ùð/×y-¯Œ] C:\WINDOWS\clvtxvgl.exe
O4 - HKLM\..\Run: [bO²ùð/ØG%)ßfÏNb½¾C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\clvtxvgl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PDFConverterReminder] "C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\Ereg\Ereg.exe" -r "C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\Ereg\ereg.ini"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

Also I should mention, I have done a couple of things which have lessened the effects. I deleted that security IGuard program, and deleted a couple of things in the previous HJT file that I knew should not be there. As a result I do not have that blue screen. Help will be greatly appreaciated.

Edited by sammyW, 18 May 2005 - 06:35 PM.

  • 0

Advertisements

#2
Guest_Andy_veal_*
Posted 19 May 2005 - 05:13 PM

Guest_Andy_veal_*
  • Guest
Moderator, Please close this topic!

Being assisted here:

http://www.geekstogo...30
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP